Lessig on how the economics of data-retention will drive privacy tech

From the Boing Boing Shop

Follow Us

In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers.

It's a very lessigian analysis, grounded in the idea that social outcomes are driven by norms, code, law and markets. It's not enough for it to be technologically possible to do a lot of the kind of processing that companies desire without retaining data (code). There also must be rules that punish companies that leak user data (law), which drives the economic decisions to use the technology (markets), and changes what customers view as acceptable data-handling (norms).

I'm keenly interested in how this process could be accelerated. For example, what if insurers refused to offer policies to companies unless they used good, long random salts for their password hashes? Insurers aren't experts in infosec, but they're also not experts in fire-safety. Nevertheless, when it became apparent that they would lose money unless they imposed fire-safety practices on their customers, insurers came up with rules about how many sprinklers, exists, and alarms the businesses they wrote policies for needed to install.

If insurers actually attached pricetags to customer data -- assuming, say, that leaking name, social and date of birth would create $150 in liability from eventual class-action suits over losses -- and passed those costs onto companies, companies would start assuming that user-data was more like plutonium than oil.

The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.

If I ping a service, and it tells me someone is over 18, I don’t need to hold that fact. … The level of security I have to apply … [is not] the same [that] would be required if I was holding all of this data on my servers. This will radically change the burden of security that people will have.

I think the market will move strongly in that direction. Let the bank keep the money you have. You hold it once in awhile when you want to use it. That is the analogy here.

… I don’t hold data on how old you are, but I could of course capture that data once I ping the server. Then the law needs to control the actual uses of the data, make it possible for systems to insist on single-use purposes.

That … is what the future of privacy regulation looks like. I think the future will be one where I will be able to block (certain) data on a driver from being passed through to an insurance company.

Some 1,600 people were secretly livestreamed while staying in South Korean motel rooms where cameras had been hidden by criminals who operated a 4,000-user service for voyeurs, where a $45/month upcharge bought subscribers the right to access replays and other extra services.

A few years ago, a friend of mine, Nico Sell (who runs the Defcon kids' programming track r00tz) asked me to join the advisory board for her startup, Wickr, which does "ephemeral messaging," a subject that is greatly in the news with Facebook's recent announcement of a new kind of "ephemeral messaging" option.

If you’re a Mac user, you thrive on simplicity. Everything in its place and a place for everything. Unsurprisingly, there’s a ton of great organizational apps out there for Mac, and now someone’s had the great idea to bundle them all together. Whether you’re running a demanding business or just getting through the day to […]

Seems like drones are doing a lot of jobs these days, from reconnaissance to delivery. Now, we can add “keeping the Death Star safe” to that list. Whether you’re a drone enthusiast or a Star Wars fan, these Star Wars Propel Drones are undeniably the coolest toy around. Yes, that’s a fully functional drone replica […]

It’s spring clearance time for the Boing Boing Store, when some of the best deals from the holidays return even cheaper than before. From top-rated apps to educational software to the cutest record player of all time, they’re all back with a little extra incentive. Shop your heart out before tax season wraps up! Use […]